Google Expands Scope of Its Patch Rewards Program

Google’s Patch Reward Program was established to recognize proactive security improvements to open-source projects. This week, Google Security Team announced some more projects eligible for rewards under the initiative. Included in this list are:

All the open-source components of Android: Android Open Source Project

Widely used web servers: Apache httpd, lighttpd, nginx

Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot

Virtual private networking: OpenVPN

Network time: University of Delaware NTPD

Additional core libraries: Mozilla NSS, libxml2

Toolchain security improvements for GCC, binutils, and llvm

The Patch Reward Program encourages volunteers to improve the security of key third-party software critical to the health of the entire internet.

Volunteers are required to submit their patches to the maintainers of individual projects. Submissions which are deemed to have a positive impact on the project’s security qualify for a rewared of between $500 and $3133.7. More information on the program can be found here.